S: Good morning, Kris, please excuse me. You are using WhatsApp, I presume.

If so, how are you dealing with the problem of WhatsApp uploading the address book? Ignore it? Change config? Edit address book contacts?

Why I am asking: by not using WhatsApp, I am more and more out of the loop (school, parents, sport clubs, etc). At the moment I am trying to resist, probably being the last person on Planet Earth doing that.

Out-of-network numbers are stored as one-way, irreversibly hashed values. WhatsApp uses a multi-step treatment of the numbers, with the key step being an “MD5” hash function. The phone number and a fixed salt value serve as input to the hash function, and the output is truncated to 53 bits and combined with the country code for the number. The result is a 64-bit value which is stored in data tables on WhatsApp’s servers.

The findings complain about that, because it is not perfect, but I personally believe that to be a pretty good compromise, making you discoverable without pasting the actual numbers all over the place.
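A sketch of the encoding the findings describe, and of how a server can match a newly registered number against stored values without keeping the raw number. This is an added example, not WhatsApp's code: the salt, the use of the leading 53 digest bits, hashing only the national number, and the placement of the country code in the top 11 bits are all assumptions.

```python
import hashlib

SALT = b"constructed-fixed-salt"   # assumption: the real salt is not on the page
HASH_BITS = 53                      # truncation length given in the findings

def encode_number(country_code, national_number, salt=SALT):
    """Return the 64-bit stored value for an out-of-network number."""
    if not 0 < country_code < 2 ** (64 - HASH_BITS):
        raise ValueError("country code does not fit in the remaining 11 bits")
    # Normalise formatting so "30 5550 0101" and "30-5550-0101" hash alike.
    digits = "".join(ch for ch in national_number if ch.isdigit())
    digest = hashlib.md5(digits.encode() + salt).digest()
    # Assumption: keep the leading 53 bits of the 128-bit digest.
    truncated = int.from_bytes(digest, "big") >> (128 - HASH_BITS)
    # Assumption: the country code occupies the top 11 bits of the result.
    return (country_code << HASH_BITS) | truncated

class DiscoveryTable:
    """Server-side table: hashed out-of-network number -> users who uploaded it."""

    def __init__(self):
        self._waiting = {}

    def upload_address_book(self, user, contacts):
        for country_code, number in contacts:
            key = encode_number(country_code, number)
            self._waiting.setdefault(key, set()).add(user)

    def register(self, country_code, number):
        """A number joins the network; return the users who already know it."""
        return sorted(self._waiting.pop(encode_number(country_code, number), set()))

def demo():
    table = DiscoveryTable()
    # Constructed sample numbers.
    table.upload_address_book("alice", [(49, "30 5550 0101"), (31, "20 555 0102")])
    table.upload_address_book("bob", [(49, "30-5550-0101")])
    # The first number was uploaded by both users, the second by nobody.
    return table.register(49, "3055500101"), table.register(31, "205550199")

if __name__ == "__main__":
    print(demo())
```

The fixed salt is what makes the match work: the same number always maps to the same stored value, whoever uploads it.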

The EFF reminds us that the general direction of current US politics is full steam backwards, and damn the torpedoes.

Trump’s nominee for Attorney General, Sen. Jeff Sessions, said on the topic of encryption backdoors:

Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.

The EFF comments:

Despite Sessions’ “on the one hand, on the other” phrasing, this answer is a clear endorsement of backdooring the security we all rely on. It’s simply not feasible for encryption to serve what Sessions concedes are its “many valuable and important purposes” and still be “overcome” when the government wants access to plaintext.

So we are set to repeat the discussions from the crypto wars 25 years ago all over again. Math does not change, and the realities of key management don’t, either.

Before version 2.6.0, hipster data “store” MongoDB did not require authentication by default (wait, what?) and also bound to * instead of 127.0.0.1.

As a result, by default, each MongoDB data “store” has been accessible from the entire internet.

Scanners such as Shodan provide an index to all such MongoDB installations on the entire Internet. Enterprising anonymous “hackers” have monetized this opportunity by accessing these installations over the Internet, encrypting the data and then accepting Bitcoin for the decryption password – or scamming the installation’s owner, assuming that people who put production data on internet-wide installations with unauthenticated access deserve to be conned and then conned over again.

Other hipster data stores, including Elastic Search, CouchDB and Redis, are known to have similar access properties. NoSQL might actually mean “NoSequrity”.
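For the MongoDB defaults described above, a small configuration audit that flags a missing or non-loopback bind address and missing authentication. This is an added example, not MongoDB tooling: it matches the `bind_ip` / `auth` keys of the legacy config format and the `bindIp` / `authorization` keys of the YAML format line by line rather than with a full parser, and the sample files are constructed.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Line-based match for the legacy "key = value" and the YAML "key: value" forms.
SETTING = re.compile(r"^\s*(bind_ip|bindIp|auth|authorization)\s*[=:]\s*(\S.*?)\s*$")

def audit_mongod_config(text):
    """Return a list of findings for one mongod configuration file."""
    settings = {}
    for line in text.splitlines():
        match = SETTING.match(line.split("#", 1)[0])  # drop trailing comments
        if match:
            settings[match.group(1)] = match.group(2).strip("\"'")

    findings = []
    bind = settings.get("bind_ip") or settings.get("bindIp")
    if bind is None:
        # Default described in the post: no bind address means all interfaces.
        exposed = True
        findings.append("no bind address set, default listens on all interfaces")
    else:
        addresses = {a.strip() for a in bind.split(",")}
        exposed = not addresses <= LOOPBACK
        if exposed:
            findings.append("listens on non-loopback address: " + bind)

    auth_on = (settings.get("auth", "").lower() == "true"
               or settings.get("authorization", "").lower() == "enabled")
    if not auth_on:
        findings.append("authentication is not enabled")
    if exposed and not auth_on:
        findings.append("CRITICAL: reachable from the network without credentials")
    return findings

# Constructed sample files.
OLD_DEFAULTS = "dbpath = /var/lib/mongodb\nport = 27017\n"
EXPOSED_WITH_AUTH = "bind_ip = 0.0.0.0\nauth = true\n"
HARDENED = ("net:\n  bindIp: 127.0.0.1   # loopback only\n"
            "security:\n  authorization: enabled\n")

if __name__ == "__main__":
    for name, conf in [("old defaults", OLD_DEFAULTS),
                       ("exposed with auth", EXPOSED_WITH_AUTH),
                       ("hardened", HARDENED)]:
        print(name, "->", audit_mongod_config(conf) or "ok")
```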

Swiss magazine Blick reports that the Moosfluthbahn up to the Aletsch glacier is out of operation, because the glacier is melting under it. The station is brand new, and went into operation only last year.

The station up at the glacier had been constructed with the glacier melting in mind: It sits inside a concrete tub which can be righted with hydraulics. Engineering calculations have been made assuming 9 meters of movement in 25 years. The actual measured movement has been up to 0.7 meters per day, though.

The glacier is melting very rapidly, making the ground unstable. Similar things are happening all over the Alps.

Bloomberg has an article about the Car Manufacturer summit between Trump and US car manufacturers.

Basically, Trump needs manufacturing jobs for the people who voted for him, but the US car industry does not look good. More than 100 plants have closed in the US under the last two presidents, and if one were building cars in the US, plant and product would look a lot like… Tesla.

So Python is a beautiful language, which is also kind of slow. And the more cores you have, the worse it gets, because of the GIL in the most popular implementations.

Other languages are much better at concurrency, one of them supposedly being Go. So Geeks at Google have been pondering the problem, and came up with a Python-to-Go compiler called Grumpy. Read more about it in their blog.

In rigged benchmarks it looks awesome, and under real world load it supposedly performs quite well.

“With a market of more than 80 million people within a roundtrip delay of 30 milliseconds, covering all major cities of Northern Europe, the Baltic states and western Russia, Stockholm is an ideal location for cloud players and other major data center actors,” …

So how many million people are within 30ms of you? :-)

In other news, the more countries go renewable, the less they are charging for power (they may be charging for infrastructure, though). For data centers in Norway and Sweden, it appears that we are below 4 Cent/kWh now. Oh, and can we please use the exhaust heat from your computers to heat our capital, please?